I was just following an article posted in 4sysops a year and a half ago https://4sysops.com/archives/powershell-remoting-between-windows-and-linux/, and I can see it needs an update. I was able to PSRemote from Linux Centos7 PS Core 6.1 to Windows 10 PS 5.1, however the instructions did not work because HTTP clear text passwords are not allowed anymore. Fortunately, I was able to install a Kerberos client pointing to my Windows DC and changed the -Authentication from BASIC to KERBEROS and made it work.

The problem I now have is the opposite. I need to PS Remote from Windows PS 5.1 to Linux PS Core 6.1. I installed OMI and PSRP as stated in the article, however there is no way to make it work. I read I need to use SSH however that works from PS Core 6.1 only, and I need to use Windows PS 5.1 because of some Modules that use WPF.

Are there any updated instructions on how to connect from Windows to Linux over WinRM? Please advise

PSCore has SSH features, PSv5x does not and there are no plans to ever add it or anything else to PS5x, so, you have to add that SSH module from the PS gallery. Note there are several of theme provided by the PS Package Manager PSGet which is part of PS5x, but has to be installed on PS4x. It is not supported below PS4. Posh-SSH is the most common one used.

The first thing I wanted to try was an interactive remoting session from Windows Server 2016 to CentOS Linux. Per the docs, this is what I did, and as you can see from the subsequent screenshot, I was successful:

That restriction came after this article was written, so there is nothing I can do to make it work that way. I had to implement Kerberos client in Linux, following the instructions found at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/introduction so I ended up joining my Windows Domain, and was able to authenticate using Kerberos and not Basic. Something to notice is that when the KDC is already configured to point to the Domain Controller, the userid passed at the Credentials must have the domain specified in uppercase (i.e. userid@DOMAIN.LOCAL) otherwise it is not going to work. That made the trick and I was able to finally have a remote session from Linux to Windows.

2. For the Windows to Linux remote session, more instructions need also updating.

After this, I was able to connect from Windows to Linux using the commands stated in the referenced article. I was also able to change from Basic to Kerberos authentication when connecting to Domain computers, by specifying the domain user as userid@DOMAIN.NAME in the credentials (yes, in uppercase).

Installing, as suggested, one of the many SSH modules is also a possibility I will explore later on.

That restriction came after this article was written, so there is nothing I can do to make it work that way. I had to implement Kerberos client in Linux, following the instructions found at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/introduction so I ended up joining my Windows Domain, and was able to authenticate using Kerberos and not Basic. Something to notice is that when the KDC is already configured to point to the Domain Controller, the userid passed at the Credentials must have the domain specified in uppercase (i.e. userid@DOMAIN.LOCAL) otherwise it is not going to work. That made the trick and I was able to finally have a remote session from Linux to Windows.

2. For the Windows to Linux remote session, more instructions need also updating.

After this, I was able to connect from Windows to Linux using the commands stated in the referenced article. I was also able to change from Basic to Kerberos authentication when connecting to Domain computers, by specifying the domain user as userid@DOMAIN.NAME in the credentials (yes, in uppercase).

Installing, as suggested, one of the many SSH modules is also a possibility I will explore later on.

Something to notice is that when the KDC is already configured to point to the Domain Controller, the userid passed at the Credentials must have the domain specified in uppercase (i.e. userid@DOMAIN.LOCAL) otherwise it is not going to work.

… this sort of thing has to be done with the way KCD (Kerberos Constrained Delegation) has to be configured to work in Windows proper when setting up the keytab file for KCD comms.

Author

Posts

The topic ‘WinRM PS remoting from Windows to Linux’ is closed to new replies.